Back to Tech
How to “phish” cybersecurity talents?
August 5, 2020

Carrefour has launched, since November 2019, an original program to attract talents in cybersecurity. The aim is to train and acculturate the future of its cybersecurity experts thanks to the Cybersecurity Talent Program (CTP).

For many years, cybersecurity has been a strong component of business. As a retail tech company, we should secure the whole chain of value whether it means our partners (producers, breeders and suppliers), purchase, supply, marketing, points of sales (physical or digital), our collaborators or – of course – our customers.

Carrefour is not different from other companies. Finding talents in cybersecurity is not like a “walk in a park”, it’s hard! We are facing a shortage of labor in this speciality, with the associated consequences: strong speculations from the applicants, increase of wages increase and yhe explosion of the staff turnover.

After a joint work with human resources, the observation was the following: On average, it takes 8 months to find the right person. The talent then needs 6 to 12 months to be acculturated and autonomous. So, instead of hiring talents at the detriment of other companies, we’re going to train them. Thus, we set up the Cybersecurity Talent Program!

A cross-expertise vision, pragmatism and time to market

The goal was simple, we were looking for employees to:

  • have an end-to-end vision of the business lines of cybersecurity,
  • be acculturated to the global Carrefour ecosystem,
  • be able to respond immediately to a need at the exit of the program.

Quickly, the frame of the program was designed. It is a two-year adventure, opened for eight young graduates from engineering schools. And, we offer them a permanent contract directly.

Along the path, the participants will carry out an internship in each of the departments of the Cybersecurity Office. This approach is an incredible career accelerator. Our graduates are able to acquire a maximum of experience in a minimum amount of time. On top of that, they are being accompanied by a mentor for a successful integration.

Question our vision for a better effectiveness

A few months after the beginning of the CTP, we organized a feedback meeting with the main stakeholders (i.e., departments’ managers, HR, graduates) and we decided to make some adjustments:

  • Reduce the time-to-market of our graduates: we shortened the duration of the program to eighteen months,
  • Better meet the needs of our departments and the graduates’ expectations. The second part of the path is now dedicated to a specialization, with an ad hoc training according to the chosen speciality,
  • Diversify the applicants’ profiles: we have opened the CTP to more people, with or without a degree. We rather focus on skills than diplomas.

What about the details of the Cybersecurity Talent Program

In details, the program is split into two parts:

  • A generalist first year focused on cybersecurity: Graduates are integrating several different departments of the two major activities, SecOps (i.e. Security Operations) and Governance.
  • The last 6 months are dedicated to the chosen specialization. After an overview of the cybersecurity jobs and a few weeks at the international governance’s team, the graduate can select a specialization that meets the company’s needs. He/She makes this final step within his targeted team.

If you want the best from your talents, you have to invest in them. That is why we are also offering training to our graduates:

  • general training about cybersecurity during the first year,
  • an ad hoc training according to the chosen specialization.

Last but not least, one of the key aspects of the program is the development of soft skills. Thus, graduates have three specific courses in order to develop these skills: speaking in public, project management and professional effectiveness.

A high-level selection for our talents in cybersecurity, with varied profiles

We designed a strong selection process to find exceptionnal talents in cybersecurity. The process has 5 successive steps:

  • Sourcing: a dedicated team makes a first selection according to defined criterias
  • Qualification: a short telephone conversation to ensure that the applicant has fully understand the program’s framework
  • Interview Level 1: a first interview with the program manager and the HR
  • Interview Level 2: a second interview with 2 managers of cybersecurity departments
  • Technical tests: technical events with a specialized team to evaluate the applicants’ skills

The process can appear as an “obstacle course”. However, it is necessary to go through all these phases in order to identify the best profiles. We only hire 1% of the applicants!

We just hired 3 talents this year, and, each one of them has a different background and has different motivations to join the CTP.

Let us introduce you our latest talents

Vincent : I’m 25 and I’m from 42 school Paris where I learned coding and IT in general. I first started as a cook in high school before I switched to IT and now I work in cybersecurity where I really enjoy doing my job.
I choose the CTP largely because of the variety of jobs it offers and I also think that this is a great position to start a career in cybersecurity.

Chrisson: I am currently a Cyber Threat Intelligence analyst at the SOC of Carrefour. I joined the Cybersecurity Talent Program 5 months ago. I am 27, I freshly graduated from Sciences Po and I also hold an engineering degree in network and security from IMT Atlantique.
Joining the program gave me the opportunity to explore the many technical and non-technical aspects of cybersecurity. So that’s why the Carrefour Cybersecurity Talent Program has been the perfect choice for me.

Alexis: I’m 24 y.o and I just graduated from a master’s degree in cyber security at ESGI Paris. After two years of work-study contract within the IT department of the Total group, I was given the opportunity to join the Carrefour Group within the Cybersecurity Talent Program.
For me, this is a unique opportunity to develop my skills by working with all of Carrefour’s cybersecurity players. Moreover, the training program perfectly combines soft and technical skills that will be a precious strength for our career in the group.

from left to right : Vincent, Alexis and Chrisson

A visible initiative to gain talents in cybersecurity

We shared with the cybersecurity professionals community and we had only excellent feedback! We are now thinking about to scale the program up to the whole IT and digital jobs.

Check our other tech projects on Horizons.
You can also check our other Graduate Programs in France.

About the Author

Fraud Detection and Investigation Manager Hugo is in charge of fraud detection activity and leads investigations when a major fraud happens. He considers cybersecurity a business accelerator. In his spare time, Hugo likes to restore old vehicles!

What’s new?